NAGRA - Unifying Content Security on Connected Devices

Page 1: NAGRA - Unifying Content Security on Connected Devices

SECURE – ENGAGING – EVERYWHERE

DTV.NAGRA.COM

UNIFYING CONTENT SECURITY ON CONNECTED DEVICES

WHITE PAPER - SEPTEMBER 2015

Freeing Pay-TV Service Providers to Pursue Next-Generation TV While Reducing the Cost and Complexity of Running Multiple CAS & DRM Systems

EXECUTIVE SUMMARY

This paper looks at the evolving needs of pay-TV service providers as their growing multi-screen distribution strategies create increasing complexity in their content protection systems. It highlights the four key drivers that are causing pay-TV companies to reconsider their existing CAS/DRM architectures, and explains the reasons for moving toward a more unified approach that streamlines the implementation and operation of content security across multiple networks and devices. Those key drivers are:

+ Rationalize Legacy – Rationalizing multiple security clients drives efficiency & consistency across all services

+ Ensure Adaptive Security – The ability to support the best possible end-to-end security on every device is key to driving service growth

+ Be Ready for 4K – “Enhanced Content” (Ultra HD, HDR) is coming and it’s driving increased security requirements

+ Reach Every Device – Efficiently supporting open CE devices is critical to success

INTRODUCTION

While the word “hybrid” was only a great new idea for delivering video a decade ago, today it is a solid reality for most pay-TV service providers. The modern pay-TV operator is becoming almost universally “multi-network”, driven by strong broadband penetration, mass consumer adoption of open CE devices, and the business need to create “stickier” services that increase customer loyalty and that prevent churn. The popularity of pure Over-The-Top (OTT) services from companies like Netflix and Amazon as well as directly from the content providers themselves (e.g. HBO, Sony and CBS), only increases the urgency for pay-TV service providers to provide their premium content over multiple networks to any device.

Depending on the type of service provider, becoming a multi-network operator has meant different things. For satellite and terrestrial service providers, it has meant complementing their existing platforms with OTT-delivered services like catch-up TV, SVOD and premium VOD services. Meanwhile, cable operators are beginning the transition to all-IP with DOCSIS 3.x and Fiber to the Home (FTTH), creating a single network for distribution of ABR Multicast and Unicast services. Even Telcos – who have always delivered video over IP – are evolving to fully integrate multicast and on-demand OTT content into single, multi-device service delivery platforms.

The evolution of these multi-network services has often happened organically, with new ways of delivering content being implemented in parallel to legacy systems. This has often resulted in multiple service delivery and content protection systems being used, with two or more security schemes being implemented on many set-top boxes and other connected devices to support the different services. This amalgamation of systems and vendors is now pushing the operational capabilities of some service provider organizations to the limit and making the overall management of multi-network video delivery platforms unnecessarily complex.

[Figure: the multi-network service provider – OTT, DTH, Cable, Telco]

The pace of transformation in the pay TV industry has reached a point where the flexibility service providers require to pursue new opportunities can only be achieved through a far more unified approach to service delivery. In addition to rationalizing video and metadata workflows, the other critical element to unify is content protection, which requires an all-new, streamlined approach to ensuring secure delivery of content not only to operator-controlled set-top boxes (STBs), but also to all other connected CE devices like PC/Mac, smartphones, tablets and Connected TVs. And this must be done across broadcast, multicast, OTT and throughout the connected home in order to ensure that the consumer has a consistent experience across all devices while still ensuring that content licensing agreements are fully respected.

Adding to these challenges is the increasing complexity of content suppliers’ security requirements. These requirements vary widely depending on:

+ Type of Delivery Network

+ Live Streaming vs. On-Demand Content

+ Types of Viewing Devices (Operator Controlled vs. Open CE)

+ Business Models (Subscription, Transaction, EST...)

+ Content Exclusivity

+ Enhanced Content (Quality, Window)

Multi-network service providers therefore need a unified security client that allows them to implement whatever levels of protection are required to satisfy consumers’ demand on any device, anywhere “on the go” and in the home, and access to any type of content – whether it be live or on demand, from the service provider themselves or from third-party pure OTT players like Netflix or YouTube.

THE FOUR KEY DRIVERS TOWARD A UNIFIED SECURITY CLIENT

As pay-TV service providers formulate strategies to tap the many new opportunities emerging at this industry-wide inflection point in the evolution of pay TV, they must take a new approach to security management as a first step toward freeing themselves from the restrictions of the past. In the discussion that follows we explore the four key security-related challenges and opportunities that pay-TV service providers should consider while planning next-generation multi-network/multi-device service delivery and content security architectures in order to ensure their systems are streamlined, future-proof, and provide the business functionality required to innovate new consumer services.

RATIONALIZING MULTIPLE SECURITY CLIENTS DRIVES EFFICIENCY & CONSISTENCY ACROSS ALL SERVICES

Increasingly, operator-controlled STBs are IP-connected, whether as a sole method of content delivery (e.g. OTT or IPTV STBs) or as a complement to broadcast content delivery (hybrid STBs). But until now, STBs have had to incorporate two or more completely parallel content protection systems: a conditional access system to secure broadcast and multicast content, and one or more digital rights management (DRM) systems to secure OTT content and local content protection within the home. This has required multiple integration efforts, multiple sets of security requirements and certifications, and multiple headend servers, which has not assisted service providers in quickly and efficiently delivering an optimized, unified service to their subscribers. This has led to a situation where hybrid set-top boxes require twice the work to implement both broadcast/IPTV and OTT/home networking security, with each of the following duplicated for the CAS client and again for the DRM client:

+ Testing & Certification

+ Content Provider Security Requirements

+ Vendor Relationships

+ Headend Servers & Interfaces

+ Licensing & Maintenance Fees

+ Service Level Agreements

+ Change Request Processes

+ Breach Response Processes

The lack of a single, responsible party for resolving all security-related issues with the device therefore leads to inefficiency and risk that is undesirable to most businesses.

The introduction of a single security client to support DVB, IPTV, OTT and in-home distribution would therefore resolve all these problems and provide additional capabilities and operational improvements to the business, as long as it is driven by a common headend.

THE ABILITY TO SUPPORT THE BEST POSSIBLE END-TO-END SECURITY ON EVERY DEVICE IS KEY TO DRIVING SERVICE GROWTH

Though this is now rapidly changing, the STB has traditionally been an operator-controlled device and the primary channel for delivering pay-TV services. Through a specified integration and certification process, the service provider’s chosen security partner integrates their CAS or DRM-based security into devices with the associated warranties and guarantees. This comprehensive protection usually includes the following components:

+ Network Protection = Securing the transmission

+ Device Protection = Securing the security system from attack on the device

+ Content Protection = Securing the programming itself

+ Ecosystem Security = Fighting piracy outside the traditional broadcast paradigm - including content sharing and streaming - as well as securing the service provider’s IT infrastructure (OTT backend, billing, payments, etc.)

[Figure: network, device, content and ecosystem protection delivered by CAS, DRM and cyber security]

This combination of technologies and services has given pay-TV providers excellent revenue assurance since the launch of the first DVB services in the mid 1990s. The current-generation STB security integration best practices ensure this high level of protection by implementing the following:

+ A proprietary hardware root of trust (HWRoT) including countermeasures that can be seamlessly applied across different System on a Chip (SoC) vendors and for which the CAS vendor takes full responsibility independent from the SoC vendor.

+ Device-level hardware and software security guidelines and requirements backed up by a rigorous certification process, creating the equivalent of a Trusted Execution Environment (TEE) in the STB with typical requirements like debug port lockdown, trusted applications, etc.

+ A CAS vendor-controlled boot loader process to protect the service provider’s investment in the STB hardware against unauthorized tampering or usage outside of the intended geography or purpose.

Though this process continues to provide the benefits outlined above, in an increasingly open and OTT-driven world, it is beginning to be seen by many service providers as restrictive for several reasons:

+ They want to support new application environments like Android TV or other HTML5-based application environments like RDK.

+ They increasingly require support for 3rd-party apps like Netflix and YouTube which bring with them their own streaming formats, DRM and security requirements.

+ They desire a CAS vendor-independent HWRoT and boot loader in order to be able to support multiple security systems in the box.

+ They are looking to improve the speed of traditional STB integration processes, which sometimes take months instead of weeks.

+ They wish to extend a similar process to other devices like Connected TVs and open CE devices.

The emerging requirements of service providers will therefore require next-generation content security vendors to offer a flexible range of adaptive security solutions that provide the highest level of security possible on each device according to the infrastructure that device provides. The range of device environments requiring a flexible adaptive security approach include:

1. Devices with proprietary HWRoTs, which will continue to offer the highest levels of security (with the associated warranties and guarantees).

2. More open STBs like Android STBs that use standardized HWRoTs and offer a Trusted Execution Environment (TEE) will offer a high but lesser degree of security because they source elements of the overall security solution from different parties, making it impossible for any one party to take full liability for the overall security solution.

3. Legacy STBs that contain no HWRoT or an inaccessible HWRoT, which can still be secured using a software-only security client, but this is inherently less secure than the prior two solutions and is reserved for situations where the benefit outweighs the risk. This allows for, for instance, the replacement of legacy conditional access or DRM systems that the service provider no longer wishes to use.

4. Open CE devices, which must implement secure player technologies that include security features like individualization, obfuscation, anti-tampering and device revocation, as well as leveraging a HWRoT and TEE if this is available.

It is therefore critical that service providers choose flexible, capable technology partners that can provide the highest level of security available on any device in order to protect their revenues and ensure content provider requirements are met.
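The adaptive security model described above can be expressed as a license-issuance policy: the headend grades each device by the security properties it can attest and serves the highest content tier those properties can protect, downgrading or denying otherwise. The block below is an added illustration written for this page, not NAGRA's or anyCAST CONNECT's code; the capability names, tier thresholds, revocation list and client-version floor are assumptions that loosely follow the four device classes above and the MovieLabs ECP checklist cited later in the paper.

```python
"""Adaptive content-security policy for a license server (illustrative).

A device reports the protections it can attest; the policy returns the
highest content tier it may receive. Thresholds are assumed, not a
vendor's or MovieLabs' actual rules.
"""
from dataclasses import dataclass, field

# Capability flags a device can attest (assumed naming for this example).
HW_ROOT_OF_TRUST = "hwrot"                  # proprietary or standardized HWRoT
TEE = "tee"                                 # secure computation environment
SECURE_MEDIA_PIPELINE = "secure_media_pipeline"
OUTPUT_LINK_PROTECTION = "output_link_protection"
FORENSIC_WATERMARK = "forensic_watermark"
DEVICE_BINDING = "device_binding"           # keys individualized to the device
SOFTWARE_PROTECTION = "software_protection"  # obfuscation / anti-tamper player

# Content tiers from strongest to weakest requirement.
TIER_ORDER = ["ECP", "HD", "SD"]
TIER_REQUIREMENTS = {
    # "Enhanced Content" (Ultra HD/HDR, early window): the full hardware chain.
    "ECP": {HW_ROOT_OF_TRUST, TEE, SECURE_MEDIA_PIPELINE,
            OUTPUT_LINK_PROTECTION, FORENSIC_WATERMARK, DEVICE_BINDING},
    # HD: device binding and output protection, plus either a hardware-backed
    # client (HWRoT + TEE) or a hardened secure player (checked in _meets).
    "HD": {DEVICE_BINDING, OUTPUT_LINK_PROTECTION},
    # SD: the software-only fallback, accepted where benefit outweighs risk.
    "SD": {DEVICE_BINDING},
}
MIN_CLIENT_VERSION = 3                   # renewal floor: older clients rejected
REVOKED_DEVICE_IDS = {"dev-legacy-0001"}  # constructed revocation list


@dataclass
class Device:
    device_id: str
    client_version: int
    capabilities: set = field(default_factory=set)


def _meets(device, tier):
    """True if the device attests everything the tier requires."""
    caps = device.capabilities
    if not TIER_REQUIREMENTS[tier] <= caps:
        return False
    if tier == "HD":
        hardware_backed = {HW_ROOT_OF_TRUST, TEE} <= caps
        return hardware_backed or SOFTWARE_PROTECTION in caps
    return True


def max_content_tier(device):
    """Highest tier the device qualifies for; None if revoked or stale."""
    if device.device_id in REVOKED_DEVICE_IDS:
        return None
    if device.client_version < MIN_CLIENT_VERSION:
        return None
    for tier in TIER_ORDER:
        if _meets(device, tier):
            return tier
    return None


def decide_license(device, requested_tier):
    """Grant the requested tier, downgraded to what the device can protect."""
    allowed = max_content_tier(device)
    if allowed is None:
        return "DENY"
    if TIER_ORDER.index(requested_tier) >= TIER_ORDER.index(allowed):
        return requested_tier
    return allowed  # e.g. an Ultra HD request served as HD on a TEE-only box
```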

“ENHANCED CONTENT” (ULTRA HD, HDR) IS COMING AND IT’S DRIVING INCREASED SECURITY REQUIREMENTS

New levels of security tied to licensing of high-value content for new types of services have been under discussion for some time and have a major impact on future pay-TV service provider technology choices. Hollywood studios began to consider increased security requirements to support high-priced home theater services that would make new movies available day and date or soon after theatrical release. While pushback from theater chains opposed to this policy sidetracked the effort, it’s now clear these higher security requirements will come back into play with the licensing of “Enhanced Content” movies, meaning those delivered in Ultra HD, HD HDR and/or very early release windows.

MovieLabs, the research and development joint venture started by the six major motion picture studios, has published new content security ECP requirements1 that include:

+ Binding to Device

+ Software Diversity

+ Integrity & Robustness

+ Revocation & Renewal

+ Outputs & Link Protection

+ Encryption

+ Secure Media Pipeline

+ Secure Computation Environment

+ Hardware Root of Trust

+ Forensic & Playback Control Watermarking

+ Breach Response

+ Certification

and other measures that have not been part of the typical multiscreen pay TV paradigm.

The need to accommodate the ECP security requirements is imminent, as evidenced by the pace of preparations for expanded Ultra HD services across the pay TV and OTT sectors. While considerable uncertainty remains as to what the standards will be for ECP services, including the extent to which High Dynamic Range (HDR) technologies will become part of the equation, a higher-than-anticipated pace of penetration of Ultra HD TV sets has triggered Ultra HD service rollouts on the part of Netflix, Amazon and other OTT suppliers as well as a handful of pay-TV service providers2.

Incorporating these requirements along with the other MovieLabs-recommended measures into the next-generation content protection systems has now become a top priority for multi-network service providers, and must be considered for broadcast, multicast and OTT content alike. Having to ensure that multiple content protection schemes comply with new requirements can represent a significant overhead to new ECP-related projects. On the other hand, having a Hollywood-trusted strategic security partner and a unified security client that addresses all of these requirements at once can provide a major reduction in complexity, cost and time to market for service providers.

It is however worth noting that content owner security priorities might not always be the same as service provider security priorities. While studios’ primary interest is to ensure that their premium content is protected (especially in early release windows like first-run VOD), service providers have a much broader interest to ensure that the overall service is protected – especially premium live services in which the studios take little interest. It is therefore key when deciding on new content protection technologies and services to look at them from both these points of view.

1 MovieLabs Specification for Enhanced Content Protection, Version 1.1

2 ScreenPlays, “Holding Back on UHD Services Not a Good Option for MVPDs”, February 2015

EFFICIENTLY SUPPORTING OPEN CE DEVICES IS CRITICAL TO SUCCESS

As consumers increasingly expect to be able to use their own devices to consume pay TV services, operators are faced with both a great opportunity as well as a dilemma regarding security. They are forced to either support the built-in DRM schemes available in some devices, or must deploy software application-based security in the form of secure players. Regardless of the approach chosen, there are still several challenges to face:

+ While Connected TVs represent a tremendous opportunity for pay-TV service providers to reach existing consumers more cost-effectively without additional equipment like STBs and CI+ modules, they have traditionally lacked the necessary security infrastructure to meet studio requirements for premium content protection. Finding a strategic content security partner who is able to provide a secure Connected TV solution would therefore mean new subscriptions delivered at a lower acquisition cost, as well as enabling new business models and joint promotion opportunities with TV manufacturers.

+ CE devices/browsers only support OTT but not broadcast services, with the notable exception of Connected TVs. And despite the quick progression of OTT in the marketplace, broadcast still plays an essential role for delivering pay-TV services. It is therefore critical to find a content security solution that provides a unified security client that supports as many different use cases across as many different networks as possible.

+ To achieve maximum device reach, service providers may try to leverage the built-in streaming technologies, native file formats and security provided by many browsers and devices. “Platform DRMs” like Apple FairPlay on iOS and Safari, Microsoft PlayReady on Xbox and Internet Explorer, Google Widevine on Chrome and Android, etc. require that the service provider leverage and rely on 3rd-party implementations over which they have no control or say, making it unclear who will actually develop new features required and provide the necessary countermeasures in case of security breaches. Use of a pay-TV operator-centric content security solution is therefore preferable whenever possible in order to ensure that the operator stays in charge of their own technology destiny and has maximum control and vendor support.

Service providers therefore need a strategic, pay-TV-centric security partner who will help them achieve maximum device reach, maximum control over their own technology roadmap, maximum responsiveness in case of breach, and maximum efficiency in operating their content security infrastructure so they can be freed up to market new and innovative services to their customers.

CONCLUSION

Developments disrupting the traditional pay TV business have generated much confusion among pay-TV service providers over how best to adjust to the new trends. As first-generation solutions have become increasingly complex to manage, a new and more unified approach is called for to drive business efficiency and take maximum advantage of emerging business opportunities.

Gaining the ability to efficiently provide ironclad security in connected device environments has thus become the linchpin to service providers’ opportunity to turn new video consumption behavior to their advantage. Now, for the first time, NAGRA’s anyCAST CONNECT platform is providing operators the security management tools they need to satisfy these requirements.

Through anyCAST CONNECT, operators have the ability to dynamically provision the highest levels of security matched to whatever devices consumers use to access content at any point in time, whether the devices run on the widely deployed chipsets embedded with the NAGRA On-Chip Security root of trust, chipsets employing TEE roots of trust or open CE devices that provide no hardware-based security infrastructure. Through utilization of a single client that seamlessly manages content security and business rules in accord with the requirements of each device, service providers will have the flexibility to execute whatever business models they deem appropriate to enhancing their opportunities to satisfy consumers and improve ARPU.

anyCAST CONNECT represents the next generation of content security for connected devices. With its flexible design and the long-standing security expertise of NAGRA, service providers get a unique solution that optimizes cost, makes operations more efficient, and allows for the faster and more consistent provisioning of new services across multiple devices.

NAGRA anyCAST CONNECT is part of a full range of broadcast and connected security solutions offered by NAGRA in order to meet the needs of service providers delivering any content over any network to any device.

UNIFY CAS AND DRM FEATURES FOR CONNECTED DEVICES

+ Brings CAS and DRM together as a single security client with a single integration, testing and certification effort and a single headend.

SUPPORT A WIDE RANGE OF DEVICES

+ For use with STBs and gateways, Connected TVs, PC/Mac and iOS/Android.

ENSURE MAXIMUM SECURITY ON EACH DEVICE

+ Supports the NAGRA proprietary and advanced HWRoT, “NOCS3”

+ Supports NOCS for TV, now being directly integrated into major TV chipsets

+ Supports 3rd party HWRoT and TEEs in order to address open CE devices

+ Can be implemented as a secure player for application-based security for Android, iOS, browser plug-ins

UNIFY PRODUCT MANAGEMENT ACROSS NETWORKS

+ Use a single Security Services Platform to define business rules across use cases for DVB, IPTV, OTT and in-home content distribution

MEET KEY STUDIO LICENSING REQUIREMENTS

+ Meets MovieLabs requirements for Enhanced Content like Ultra HD

3RD PARTY PURE OTT SERVICE SUPPORT

+ Brings pre-integrated support for services like Netflix, which considers anyCAST CONNECT a Netflix-approved DRM scheme

[Figure caption: BGA, SC or SIM]

For more information on this White Paper, please contact the authors:

Sebastien Kramer, SVP Business Development and PLM
[email protected]

Christopher Schouten, Senior Director Product
[email protected]

KUDELSKI, NAGRA, OPENTV, SMARDTV and their respective logos are trademarks, registered trademarks or service marks of Kudelski SA and/or its affiliates.

All other trademarks are the property of their respective owners.

All product and application features and specifications are subject to change at the sole discretion of Nagravision SA at any time and without notice.

© 2015 Nagravision SA - All rights reserved.

SECURE – ENGAGING – EVERYWHERE

DTV.NAGRA.COM

design: diabolo.com